Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/matrix-synapse@1.95.0
Type pypi
Namespace
Name matrix-synapse
Version 1.95.0
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.152.1
Latest_non_vulnerable_version 1.152.1
Affected_by_vulnerabilities
0
url VCID-1xwm-33sy-3qfv
vulnerability_id VCID-1xwm-33sy-3qfv
summary Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, in federated rooms, malicious homeservers can craft room events in such a way that prevents Synapse from providing full history to paginating clients. Clients could therefore fail to display room history. This vulnerability is fixed in 1.152.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45076
reference_id
reference_type
scores
0
value 0.00091
scoring_system epss
scoring_elements 0.25975
published_at 2026-06-13T12:55:00Z
1
value 0.00091
scoring_system epss
scoring_elements 0.25957
published_at 2026-06-14T12:55:00Z
2
value 0.00091
scoring_system epss
scoring_elements 0.25759
published_at 2026-06-11T12:55:00Z
3
value 0.00091
scoring_system epss
scoring_elements 0.25959
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45076
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-194.yaml
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-194.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45076
reference_id
reference_type
scores
0
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45076
4
reference_url https://github.com/advisories/GHSA-6qf2-7x63-mm6v
reference_id GHSA-6qf2-7x63-mm6v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-6qf2-7x63-mm6v
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v
reference_id GHSA-6qf2-7x63-mm6v
reference_type
scores
0
value 2.7
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value 5.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-06-02T14:51:22Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-6qf2-7x63-mm6v
fixed_packages
0
url pkg:pypi/matrix-synapse@1.152.1
purl pkg:pypi/matrix-synapse@1.152.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.152.1
aliases CVE-2026-45076, GHSA-6qf2-7x63-mm6v, PYSEC-2026-194
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1xwm-33sy-3qfv
1
url VCID-2ctw-4fy5-4ufd
vulnerability_id VCID-2ctw-4fy5-4ufd
summary Synapse is an open-source Matrix homeserver. A remote Matrix user with malicious intent, sharing a room with Synapse instances before 1.105.1, can dispatch specially crafted events to exploit a weakness in the V2 state resolution algorithm. This can induce high CPU consumption and accumulate excessive data in the database of such instances, resulting in a denial of service. Servers in private federations, or those that do not federate, are not affected. Server administrators should upgrade to 1.105.1 or later. Some workarounds are available. One can ban the malicious users or ACL block servers from the rooms and/or leave the room and purge the room using the admin API.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-31208
reference_id
reference_type
scores
0
value 0.0419
scoring_system epss
scoring_elements 0.8897
published_at 2026-06-11T12:55:00Z
1
value 0.0419
scoring_system epss
scoring_elements 0.89013
published_at 2026-06-14T12:55:00Z
2
value 0.0419
scoring_system epss
scoring_elements 0.89015
published_at 2026-06-13T12:55:00Z
3
value 0.0419
scoring_system epss
scoring_elements 0.89008
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-31208
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-50.yaml
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-50.yaml
3
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
reference_id
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
6
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069763
reference_id 1069763
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1069763
7
reference_url https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
reference_id 55b0aa847a61774b6a3acdc4b177a20dc019f01a
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/commit/55b0aa847a61774b6a3acdc4b177a20dc019f01a
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-31208
reference_id CVE-2024-31208
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-31208
9
reference_url https://github.com/advisories/GHSA-3h7q-rfh9-xm4v
reference_id GHSA-3h7q-rfh9-xm4v
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-3h7q-rfh9-xm4v
10
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
reference_id GHSA-3h7q-rfh9-xm4v
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-3h7q-rfh9-xm4v
11
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
reference_id R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/R6FCCO4ODTZ3FDS7TMW76PKOSEL2TQVB/
12
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
reference_id RR53FNHV446CB37TP45GZ6F6HZLZCK3K
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RR53FNHV446CB37TP45GZ6F6HZLZCK3K/
13
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
14
reference_url https://github.com/element-hq/synapse/releases/tag/v1.105.1
reference_id v1.105.1
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://github.com/element-hq/synapse/releases/tag/v1.105.1
15
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
reference_id VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-04-23T19:13:09Z/
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSF4NJJSTSQRJQ47PLYYSCFYKJBP7DET/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.105.1
purl pkg:pypi/matrix-synapse@1.105.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-7v7h-zrjj-pkh3
3
vulnerability VCID-c1vt-9j6a-b7cr
4
vulnerability VCID-hqwh-2un3-bqd8
5
vulnerability VCID-n8mv-4upg-hfa3
6
vulnerability VCID-rcdd-qkxt-nuez
7
vulnerability VCID-s1jf-x5ug-jqcq
8
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.105.1
aliases CVE-2024-31208, GHSA-3h7q-rfh9-xm4v, PYSEC-2024-50
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2ctw-4fy5-4ufd
2
url VCID-3ngy-dt6j-tuef
vulnerability_id VCID-3ngy-dt6j-tuef
summary Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse versions up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild and has been fixed in Synapse v1.127.1. No known workarounds are available.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-30355
reference_id
reference_type
scores
0
value 0.13201
scoring_system epss
scoring_elements 0.94296
published_at 2026-06-11T12:55:00Z
1
value 0.13201
scoring_system epss
scoring_elements 0.94323
published_at 2026-06-14T12:55:00Z
2
value 0.13201
scoring_system epss
scoring_elements 0.94317
published_at 2026-06-12T12:55:00Z
3
value 0.13201
scoring_system epss
scoring_elements 0.94321
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-30355
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-30355
reference_id
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-30355
3
reference_url https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
reference_id 2277df2a1eb685f85040ef98fa21d41aa4cdd389
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/commit/2277df2a1eb685f85040ef98fa21d41aa4cdd389
4
reference_url https://github.com/advisories/GHSA-v56r-hwv5-mxg6
reference_id GHSA-v56r-hwv5-mxg6
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-v56r-hwv5-mxg6
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
reference_id GHSA-v56r-hwv5-mxg6
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-v56r-hwv5-mxg6
6
reference_url https://github.com/element-hq/synapse/releases/tag/v1.127.1
reference_id v1.127.1
reference_type
scores
0
value 7.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
1
value HIGH
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-03-27T13:47:41Z/
url https://github.com/element-hq/synapse/releases/tag/v1.127.1
fixed_packages
0
url pkg:pypi/matrix-synapse@1.127.1
purl pkg:pypi/matrix-synapse@1.127.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
2
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.127.1
aliases CVE-2025-30355, GHSA-v56r-hwv5-mxg6
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3ngy-dt6j-tuef
3
url VCID-7v7h-zrjj-pkh3
vulnerability_id VCID-7v7h-zrjj-pkh3
summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is insufficient to mitigate this. This can lead to a denial of service, ranging from further media uploads/downloads failing to complete unavailability of the Synapse process, depending on how Synapse was deployed. Synapse 1.106 introduces a new "leaky bucket" rate limit on remote media downloads to reduce the amount of data a user can request at a time. This does not fully address the issue, but does limit an unauthenticated user's ability to request large amounts of data to be cached.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37302
reference_id
reference_type
scores
0
value 0.00568
scoring_system epss
scoring_elements 0.69089
published_at 2026-06-12T12:55:00Z
1
value 0.00568
scoring_system epss
scoring_elements 0.69096
published_at 2026-06-14T12:55:00Z
2
value 0.00568
scoring_system epss
scoring_elements 0.68997
published_at 2026-06-11T12:55:00Z
3
value 0.00568
scoring_system epss
scoring_elements 0.69101
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37302
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-286.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-286.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37302
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37302
4
reference_url https://github.com/advisories/GHSA-4mhg-xv73-xq2x
reference_id GHSA-4mhg-xv73-xq2x
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-4mhg-xv73-xq2x
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
reference_id GHSA-4mhg-xv73-xq2x
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:55:21Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-4mhg-xv73-xq2x
fixed_packages
0
url pkg:pypi/matrix-synapse@1.106.0
purl pkg:pypi/matrix-synapse@1.106.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-hqwh-2un3-bqd8
3
vulnerability VCID-n8mv-4upg-hfa3
4
vulnerability VCID-rcdd-qkxt-nuez
5
vulnerability VCID-s1jf-x5ug-jqcq
6
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106.0
1
url pkg:pypi/matrix-synapse@1.106
purl pkg:pypi/matrix-synapse@1.106
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106
aliases CVE-2024-37302, GHSA-4mhg-xv73-xq2x, PYSEC-2024-286
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7v7h-zrjj-pkh3
4
url VCID-c1vt-9j6a-b7cr
vulnerability_id VCID-c1vt-9j6a-b7cr
summary Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then also becomes available for download from the local homeserver in an unauthenticated way. The implication is that unauthenticated remote adversaries can use this functionality to plant problematic content into the media repository. Synapse 1.106 introduces a partial mitigation in the form of new endpoints which require authentication for media downloads. The unauthenticated endpoints will be frozen in a future release, closing the attack vector.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-37303
reference_id
reference_type
scores
0
value 0.00342
scoring_system epss
scoring_elements 0.57331
published_at 2026-06-12T12:55:00Z
1
value 0.00342
scoring_system epss
scoring_elements 0.57346
published_at 2026-06-13T12:55:00Z
2
value 0.00342
scoring_system epss
scoring_elements 0.57338
published_at 2026-06-14T12:55:00Z
3
value 0.00342
scoring_system epss
scoring_elements 0.57213
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-37303
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-287.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2024-287.yaml
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-37303
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-37303
4
reference_url https://github.com/matrix-org/matrix-spec-proposals/pull/3916
reference_id 3916
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
3
value MODERATE
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:49:29Z/
url https://github.com/matrix-org/matrix-spec-proposals/pull/3916
5
reference_url https://github.com/advisories/GHSA-gjgr-7834-rhxr
reference_id GHSA-gjgr-7834-rhxr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-gjgr-7834-rhxr
6
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
reference_id GHSA-gjgr-7834-rhxr
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
1
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
2
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
3
value 6.9
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N
4
value MODERATE
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T18:49:29Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-gjgr-7834-rhxr
fixed_packages
0
url pkg:pypi/matrix-synapse@1.106.0
purl pkg:pypi/matrix-synapse@1.106.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-3ngy-dt6j-tuef
2
vulnerability VCID-hqwh-2un3-bqd8
3
vulnerability VCID-n8mv-4upg-hfa3
4
vulnerability VCID-rcdd-qkxt-nuez
5
vulnerability VCID-s1jf-x5ug-jqcq
6
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106.0
1
url pkg:pypi/matrix-synapse@1.106
purl pkg:pypi/matrix-synapse@1.106
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.106
aliases CVE-2024-37303, GHSA-gjgr-7834-rhxr, PYSEC-2024-287
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-c1vt-9j6a-b7cr
5
url VCID-hqwh-2un3-bqd8
vulnerability_id VCID-hqwh-2un3-bqd8
summary Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync functionality. Synapse 1.120.1 rejects such invalid invites received over federation and restores the ability to sync for affected users.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52815
reference_id
reference_type
scores
0
value 0.00353
scoring_system epss
scoring_elements 0.58194
published_at 2026-06-12T12:55:00Z
1
value 0.00353
scoring_system epss
scoring_elements 0.58198
published_at 2026-06-14T12:55:00Z
2
value 0.00353
scoring_system epss
scoring_elements 0.5808
published_at 2026-06-11T12:55:00Z
3
value 0.00353
scoring_system epss
scoring_elements 0.5821
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52815
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52815
reference_id
reference_type
scores
0
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52815
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
reference_id GHSA-f3r3-h2mq-hx2h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-f3r3-h2mq-hx2h
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
reference_id GHSA-f3r3-h2mq-hx2h
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.7
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:05:32Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-f3r3-h2mq-hx2h
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-52815, GHSA-f3r3-h2mq-hx2h
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hqwh-2un3-bqd8
6
url VCID-n8mv-4upg-hfa3
vulnerability_id VCID-n8mv-4upg-hfa3
summary Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-45078
reference_id
reference_type
scores
0
value 0.00014
scoring_system epss
scoring_elements 0.02901
published_at 2026-06-14T12:55:00Z
1
value 0.00014
scoring_system epss
scoring_elements 0.0289
published_at 2026-06-13T12:55:00Z
2
value 0.00014
scoring_system epss
scoring_elements 0.02895
published_at 2026-06-11T12:55:00Z
3
value 0.00014
scoring_system epss
scoring_elements 0.02905
published_at 2026-06-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-45078
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://github.com/element-hq/synapse/commit/3f58bc50dfba5768ee43ce48c5e74c25ba0b078a
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/commit/3f58bc50dfba5768ee43ce48c5e74c25ba0b078a
3
reference_url https://github.com/element-hq/synapse/issues/19394
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/issues/19394
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-191.yaml
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2026-191.yaml
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-45078
reference_id
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-45078
6
reference_url https://github.com/advisories/GHSA-8q93-326v-3m7g
reference_id GHSA-8q93-326v-3m7g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-8q93-326v-3m7g
7
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g
reference_id GHSA-8q93-326v-3m7g
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
1
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
2
value 6.8
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
3
value 7.1
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
4
value HIGH
scoring_system generic_textual
scoring_elements
5
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-05-29T15:31:35Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-8q93-326v-3m7g
fixed_packages
0
url pkg:pypi/matrix-synapse@1.152.1
purl pkg:pypi/matrix-synapse@1.152.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.152.1
aliases CVE-2026-45078, GHSA-8q93-326v-3m7g, PYSEC-2026-191
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n8mv-4upg-hfa3
7
url VCID-rcdd-qkxt-nuez
vulnerability_id VCID-rcdd-qkxt-nuez
summary Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially invoking external tools like Ghostscript for processing. This significantly expands the attack surface in a historically vulnerable area, presenting a risk that far outweighs the benefit, particularly since these formats are rarely used on the open web or within the Matrix ecosystem. Synapse 1.120.1 addresses the issue by restricting thumbnail generation to images in the following widely used formats: PNG, JPEG, GIF, and WebP. This vulnerability is fixed in 1.120.1.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-53863
reference_id
reference_type
scores
0
value 0.00962
scoring_system epss
scoring_elements 0.76998
published_at 2026-06-12T12:55:00Z
1
value 0.00962
scoring_system epss
scoring_elements 0.77006
published_at 2026-06-14T12:55:00Z
2
value 0.00962
scoring_system epss
scoring_elements 0.76926
published_at 2026-06-11T12:55:00Z
3
value 0.00962
scoring_system epss
scoring_elements 0.77013
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-53863
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-53863
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-53863
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/advisories/GHSA-vp6v-whfm-rv3g
reference_id GHSA-vp6v-whfm-rv3g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-vp6v-whfm-rv3g
5
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
reference_id GHSA-vp6v-whfm-rv3g
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:07:32Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-vp6v-whfm-rv3g
6
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-53863, GHSA-vp6v-whfm-rv3g
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rcdd-qkxt-nuez
8
url VCID-s1jf-x5ug-jqcq
vulnerability_id VCID-s1jf-x5ug-jqcq
summary Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify denial of service attacks. Synapse 1.120.1 resolves the issue by denying requests with unsupported multipart/form-data content type.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-52805
reference_id
reference_type
scores
0
value 0.01089
scoring_system epss
scoring_elements 0.78418
published_at 2026-06-14T12:55:00Z
1
value 0.01089
scoring_system epss
scoring_elements 0.78422
published_at 2026-06-13T12:55:00Z
2
value 0.01089
scoring_system epss
scoring_elements 0.78408
published_at 2026-06-12T12:55:00Z
3
value 0.01089
scoring_system epss
scoring_elements 0.7834
published_at 2026-06-11T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-52805
1
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2024-52805
reference_id
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
1
value HIGH
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2024-52805
3
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
reference_id 1088995
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1088995
4
reference_url https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
reference_id 4688#issuecomment-1167705518
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/twisted/twisted/issues/4688#issuecomment-1167705518
5
reference_url https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
reference_id 4688#issuecomment-2385711609
reference_type
scores
0
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
2
value HIGH
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/twisted/twisted/issues/4688#issuecomment-2385711609
6
reference_url https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
reference_id GHSA-rfq8-j7rh-8hf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-rfq8-j7rh-8hf2
7
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
reference_id GHSA-rfq8-j7rh-8hf2
reference_type
scores
0
value HIGH
scoring_system cvssv3.1_qr
scoring_elements
1
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
2
value 8.2
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
3
value HIGH
scoring_system generic_textual
scoring_elements
4
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-03T19:04:05Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-rfq8-j7rh-8hf2
fixed_packages
0
url pkg:pypi/matrix-synapse@1.120.1
purl pkg:pypi/matrix-synapse@1.120.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.120.1
aliases CVE-2024-52805, GHSA-rfq8-j7rh-8hf2
risk_score 4.0
exploitability 0.5
weighted_severity 8.0
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s1jf-x5ug-jqcq
9
url VCID-y6j7-eetd-pkfh
vulnerability_id VCID-y6j7-eetd-pkfh
summary Synapse is an open source Matrix homeserver implementation. Lack of validation for device keys in Synapse before 1.138.3 and in Synapse 1.139.0 allows an attacker registered on the victim homeserver to degrade federation functionality, unpredictably breaking outbound federation to other homeservers. The issue is patched in Synapse 1.138.3, 1.138.4, 1.139.1, and 1.139.2. Note that even though 1.138.3 and 1.139.1 fix the vulnerability, they inadvertently introduced an unrelated regression. For this reason, the maintainers of Synapse recommend skipping these releases and upgrading straight to 1.138.4 and 1.139.2.
references
0
reference_url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61672.json
reference_id
reference_type
scores
0
value 5.4
scoring_system cvssv3
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
url https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-61672.json
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-61672
reference_id
reference_type
scores
0
value 0.00046
scoring_system epss
scoring_elements 0.14801
published_at 2026-06-12T12:55:00Z
1
value 0.00046
scoring_system epss
scoring_elements 0.14679
published_at 2026-06-11T12:55:00Z
2
value 0.0005
scoring_system epss
scoring_elements 0.16114
published_at 2026-06-14T12:55:00Z
3
value 0.0005
scoring_system epss
scoring_elements 0.16148
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-61672
2
reference_url https://github.com/element-hq/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse
3
reference_url https://github.com/element-hq/synapse/releases/tag/v1.138.4
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/releases/tag/v1.138.4
4
reference_url https://github.com/element-hq/synapse/releases/tag/v1.139.2
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/element-hq/synapse/releases/tag/v1.139.2
5
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117854
reference_id 1117854
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1117854
6
reference_url https://github.com/element-hq/synapse/pull/17097
reference_id 17097
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/pull/17097
7
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2402525
reference_id 2402525
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2402525
8
reference_url https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1
reference_id 26aaaf9e48fff80cf67a20c691c75d670034b3c1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/commit/26aaaf9e48fff80cf67a20c691c75d670034b3c1
9
reference_url https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740
reference_id 7069636c2d6d1ef2022287addf3ed8b919ef2740
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/commit/7069636c2d6d1ef2022287addf3ed8b919ef2740
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2025-61672
reference_id CVE-2025-61672
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2025-61672
11
reference_url https://github.com/advisories/GHSA-fh66-fcv5-jjfr
reference_id GHSA-fh66-fcv5-jjfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-fh66-fcv5-jjfr
12
reference_url https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr
reference_id GHSA-fh66-fcv5-jjfr
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
1
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
2
value MODERATE
scoring_system generic_textual
scoring_elements
3
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/security/advisories/GHSA-fh66-fcv5-jjfr
13
reference_url https://github.com/element-hq/synapse/releases/tag/v1.138.3
reference_id v1.138.3
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/releases/tag/v1.138.3
14
reference_url https://github.com/element-hq/synapse/releases/tag/v1.139.1
reference_id v1.139.1
reference_type
scores
0
value 5.3
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-10-15T16:10:58Z/
url https://github.com/element-hq/synapse/releases/tag/v1.139.1
fixed_packages
0
url pkg:pypi/matrix-synapse@1.138.3
purl pkg:pypi/matrix-synapse@1.138.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.138.3
1
url pkg:pypi/matrix-synapse@1.139.1
purl pkg:pypi/matrix-synapse@1.139.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-n8mv-4upg-hfa3
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.139.1
aliases CVE-2025-61672, GHSA-fh66-fcv5-jjfr
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-y6j7-eetd-pkfh
10
url VCID-z6uu-5bdh-pud4
vulnerability_id VCID-z6uu-5bdh-pud4
summary Multiple vulnerabilities have been found in Synapse, the worst of which could result in information leaks.
references
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-43796
reference_id
reference_type
scores
0
value 0.00233
scoring_system epss
scoring_elements 0.46465
published_at 2026-06-13T12:55:00Z
1
value 0.00233
scoring_system epss
scoring_elements 0.46455
published_at 2026-06-12T12:55:00Z
2
value 0.00233
scoring_system epss
scoring_elements 0.46309
published_at 2026-06-11T12:55:00Z
3
value 0.00233
scoring_system epss
scoring_elements 0.46451
published_at 2026-06-14T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-43796
1
reference_url https://github.com/matrix-org/synapse
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse
2
reference_url https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/commit/daec55e1fe120c564240c5386e77941372bf458f
3
reference_url https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
2
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/matrix-org/synapse/security/advisories/GHSA-mp92-3jfm-3575
4
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-230.yaml
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/pypa/advisory-database/tree/main/vulns/matrix-synapse/PYSEC-2023-230.yaml
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2IDEEZMFJBDLTFHQUTZRJJNCOZGQ2ZVS
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VH3RNC5ZPQZ4OKPSL4E6BBJSZOQLGDEY
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-43796
reference_id
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2023-43796
8
reference_url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055255
reference_id 1055255
reference_type
scores
url https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1055255
9
reference_url https://github.com/advisories/GHSA-mp92-3jfm-3575
reference_id GHSA-mp92-3jfm-3575
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-mp92-3jfm-3575
10
reference_url https://usn.ubuntu.com/7444-1/
reference_id USN-7444-1
reference_type
scores
url https://usn.ubuntu.com/7444-1/
fixed_packages
0
url pkg:pypi/matrix-synapse@1.95.1
purl pkg:pypi/matrix-synapse@1.95.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1xwm-33sy-3qfv
1
vulnerability VCID-2ctw-4fy5-4ufd
2
vulnerability VCID-3ngy-dt6j-tuef
3
vulnerability VCID-7v7h-zrjj-pkh3
4
vulnerability VCID-c1vt-9j6a-b7cr
5
vulnerability VCID-hqwh-2un3-bqd8
6
vulnerability VCID-n8mv-4upg-hfa3
7
vulnerability VCID-rcdd-qkxt-nuez
8
vulnerability VCID-s1jf-x5ug-jqcq
9
vulnerability VCID-y6j7-eetd-pkfh
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.95.1
aliases CVE-2023-43796, GHSA-mp92-3jfm-3575, PYSEC-2023-230
risk_score 3.1
exploitability 0.5
weighted_severity 6.2
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-z6uu-5bdh-pud4
Fixing_vulnerabilities
Risk_score 4.0
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/matrix-synapse@1.95.0